This issue needs a solution.

Internal Port Sweep Explanation.

Created: 20 Jun 2011

My name is Thomas Moore and I am new to Symantec. Can you explain this to me?

Internal IP address 12.345.67.89 has attempted to connect to port 80 on at least 10 different hosts within 300 seconds.

What does this mean, and how do I go about it? Thanks in advance.

Comments

Thomas K (Accredited)
20 Jun 2011

What is the role of 12.345.67.89? Are there any shared applications being used from that client? If not, that system (12.345.67.89) may be infected and is trying to spread a worm.

Make sure that system has the latest definitions and run a full scan in Safe Mode. Make sure that the OS is up to date and all security patches are installed. You might want to go to that client and run the Power Eraser or SERT utility to check for infection.

 

PE - http://www.symantec.com/business/support/index?pag...

SERT - http://www.symantec.com/business/support/index?pag...

Ooyala - Check us out!
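The alert quoted in the question fires when one source contacts port 80 on at least 10 different hosts within 300 seconds. The sketch below is an added example, not part of the thread and not Symantec's detection code, that applies that threshold to constructed connection records; the function names, the record layout and the addresses are assumptions.

```python
from collections import defaultdict, deque

# Thresholds taken from the alert text quoted in the question.
MIN_HOSTS = 10
WINDOW_SECONDS = 300

def find_port_sweeps(records, port=80, min_hosts=MIN_HOSTS, window=WINDOW_SECONDS):
    """Return [(src_ip, window_start_ts, distinct_hosts)] for every source that
    reached `port` on at least `min_hosts` different hosts within `window` seconds.

    `records` holds (timestamp_seconds, src_ip, dst_ip, dst_port) tuples,
    a hypothetical layout for firewall or flow logs.
    """
    recent = defaultdict(deque)  # src -> (ts, dst) attempts still inside the window
    alerted = set()              # report each source once
    alerts = []
    for ts, src, dst, dport in sorted(records):
        if dport != port or src in alerted:
            continue
        q = recent[src]
        q.append((ts, dst))
        # Drop attempts that have fallen out of the sliding window.
        while ts - q[0][0] > window:
            q.popleft()
        hosts = {d for _, d in q}  # repeated hits on one host count once
        if len(hosts) >= min_hosts:
            alerts.append((src, q[0][0], len(hosts)))
            alerted.add(src)
    return alerts

def sample_records():
    """Constructed sample data, not taken from the thread."""
    recs = []
    # Sweep-like source: 12 different hosts, one every 5 seconds.
    recs += [(1000 + 5 * i, "10.0.0.25", f"10.0.1.{i + 1}", 80) for i in range(12)]
    # Ordinary client: 30 requests, but only 3 different web servers.
    recs += [(1000 + 4 * i, "10.0.0.40", f"10.0.2.{i % 3 + 1}", 80) for i in range(30)]
    # Slow source: 12 different hosts, but only one per minute.
    recs += [(1000 + 60 * i, "10.0.0.50", f"10.0.3.{i + 1}", 80) for i in range(12)]
    return recs

if __name__ == "__main__":
    for src, start, n in find_port_sweeps(sample_records()):
        print(f"{src}: {n} hosts on port {80} within {WINDOW_SECONDS}s from t={start}")
```

A proxy or shared-application host that legitimately talks to many internal web servers crosses the same threshold, so the role of the source still has to be checked before treating a match as an infection.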

23 Jun 2011

Dear Thomas,

I think it should be a confirmed malware infection, because 12. is an Internet IP address of a reputed brand (as illustrated in the attachment). The malware is supposedly involved in IP spoofing.

Attachment: ip.png

Thomas K (Accredited)
23 Jun 2011

thomasmore23, I guess I need glasses, because I missed the fact that that IP address is invalid. Have you run the tools suggested to scan for malware?

Ooyala - Check us out!

30 Jun 2011

Yes the Symantec Power Eraser

                      _____________________________
         
 Thomas Moo